Generally, the present application relates to data processing. More specifically, the application is related to techniques for multi-factor authentication (MFA).
Modern businesses rely on a variety of applications and systems that control and generate information that is critical to business operations. Different applications often provide different services and information, and different users may require access to different levels of information within each system or application. The level of access that users are granted may depend on the role of the user. For example, a manager may need access to certain information about employees that report to him, but it may be improper for that manager to access the same information about those whom he reports to.
Access management systems are implemented to control access to many different resources. In enterprise and cloud environments, users typically may have access to one or more different systems and applications. Each of these systems and applications may utilize different access control policies and require levels of authentication. An access management system may challenge a user to verify his/her identity to determine access to a resource. The user may be challenged for information based on a combination of “what you have,” “what you know,” and “who you are.” Some access management systems implement multi-factor authentication implementing multiple different methods of authentication to verify a user's identity. Some access management systems determine authentication based on possession of another device. A device for MFA may not be customizable for use with different access management systems and/or resources by multiple users. The device may not be transferable and/or shared by multiple users. Using multiple factors of authentication is gaining ground as a more secure method authentication to prevent fraud.